Slide 39
Ensure images pass the policy
$ snyk container test ghcr.io/garethr/snykt/app --file=app/Dockerfile --json | conftest test -
4 tests, 4 passed, 0 warnings, 0 failure, 0 exceptions
To enforce or not to enforce?
Over time it’s best to move towards enforcing policies automatically, but to start with you’ll probably
want to roll out slowly and carefully. You might already have these policies written down, but unless
you’re automatically checking or enforcing you’ll likely have a long tail of images in breach.
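One way to stage that rollout with conftest is shown below as an added example. It is not the policy from this talk: the package layout, severity sets and file name are assumptions, and it relies only on the `vulnerabilities[].severity`, `id` and `packageName` fields of the `snyk container test --json` output. Findings matched by `warn` are reported without failing the run, while `deny` fails it.

```rego
# policy/rollout.rego (hypothetical file name; conftest reads ./policy by default)
package main

import rego.v1

# Assumed rollout stage: only critical findings block the build today.
enforced := {"critical"}

# Reported but not yet blocking. Move a severity from this set into
# `enforced` once the long tail of existing images has been cleaned up.
advisory := {"high"}

# deny: conftest exits non-zero when any message is produced here.
deny contains msg if {
	some vuln in input.vulnerabilities
	vuln.severity in enforced
	msg := sprintf("%s in %s (%s severity) breaks the image policy", [
		vuln.id,
		vuln.packageName,
		vuln.severity,
	])
}

# warn: conftest prints the message but still exits zero.
warn contains msg if {
	some vuln in input.vulnerabilities
	vuln.severity in advisory
	msg := sprintf("%s in %s (%s severity) will be enforced later", [
		vuln.id,
		vuln.packageName,
		vuln.severity,
	])
}
```

Running conftest with `--fail-on-warn` in a single pipeline shows what full enforcement would break before the severity is moved into `enforced`.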
The advantage of Snyk is that you can help developers test early in the SDLC, on the local machine or in CI,
when it’s fast and cheap to fix the problem.